Member of European Parliament sends "Thank you for fighting ACTA" email with 2K emails in the body

From the Boing Boing Shop

Popular Posts

Follow Us

As part of my protest against ACTA I signed up to the fightforthefuture.org web page, and asked them to contact my MEP on my behalf, which they did.

Now that ACTA has been defeated, Paul Nuttall, UKIP MEP for the North West and UKIP Deputy Leader, emailed people who had protested, en masse. (I am in Devon in the South West, so he is not my particular representative).

I include the email below, but the interesting part is the forwarded message underneath, which includes a list of all TWO THOUSAND AND TWENTY ONE people who signed up...

33 minutes after receiving the email I received another from Paul Nuttall requesting the recall of the email, a little late really.

I frequently hear from career Euro activists that the Members of the European Parliament have little or no IT expertise and support. Everyone has mixed up CC and BCC at some time or another, but using CC or BCC to send an email to 2,021 people in the first place is poor solution to a common problem. It's the kind of thing that your IT department should be able to sort out for you, by creating a mailing list with a single address whose membership MEPs can manage through a browser.

Update: Lee, who submitted the item, clarifies: "The email wasn't BCCd or CCd to the 2021 petitioners, the email that Paul Nuttall forwarded contained the list of emails in it's body.
Indeed it seems very much like this list of emails was used to create an email group, which Paul Nuttall then used.
He just made the very foolish mistake of forwarding an email containing peoples personal information, whilst saying how UKIP will defend UK citizens rights and privacy."

It's possible that some of the people whose identities were revealed in the email could face workplace sanctions for opposing ACTA (I know a lot of people in the entertainment industry who privately oppose many of their employers' initiatives), so revealing their identities is a potential big deal.

It would be great to see a free/open web service that let people securely send messages to their MEPs, and then also made it easy for the MEPs to reply to them, individually or as a group. If the European Parliament and individual MEPs' parties and staffers can't handle interaction with their constituencies, then the constituents may have to handle it for them.

Update: I received this from Paul Nuttall's office:

May we please ask that you publish our response and apology - and we of course also extend that apology personally to you.

Please find the statement below.

Yours sincerely,

Office of Paul Nuttall

As a libertarian party we are in favour of internet freedom.

We oppose ACTA in its entirety and we are currently campaigning against the EU-Canada trade deal (CETA) which contains many ACTA-like provisions.

I can only tell you the simple truth; I was seeking to distribute an email protecting confidentiality using the bcc button but in error sent it out with a full list of emails attached.

I can only apologise, explain that it is the kind of mistake all too easy to make with modern technology and assure you that I have taken every step I can to rectify the situation since it happened.

We did not originally gather the data, nor did we intend to send it round. We did "bcc" (blind copy) all correspondents to protect identity. The list was sent to us and a number of other MEPs from an anti-ACTA campaign group which invited us to correspond with the list of contacts they had provided.

I hope you will accept our sincere apologies and can understand that this is the kind of thing that can happen to anyone.

Social scientist/cybersecurity expert Susan Landau (previously) and Cathy “Weapons of Math Destruction” O’Neil take to Lawfare to explain why it would be a dangerous mistake for the FBI to use machine learning-based chatbots to flush out potential terrorists online.

If you’re one of the 60% of Pebble employees who didn’t get a job offer from Fitbit, the company’s new owner, you’re probably not having a great Christmas season — but that trepedation is shared by 100% of Pebble customers, who’ve just learned (via the fine print on an update on the Pebble Kickstarter page) […]

The Black Friday Mac Bundle 2.0 is one of the Boing Boing Store’s best-selling Mac bundles yet, and it’s about to come to an end. If you don’t get your copy now, here’s what you’ll be missing:This bundle comes packing 9 top-rated Mac apps in one package, at the hugely discounted price of just $23.99. […]

The Boing Boing Store’s Gift Guide is full of ideas for pretty much anyone in your life like hipster ice cub trays, Xbox controllers, Halo Boards, and even diamond necklaces. As always, all products in the Boing Boing Store come at great discounts, too. Shop by price bucket starting at under $20. Under $20:Bloxx Jumbo Ice Trays […]

Unlike traditional lighters, the SaberLight features an electronic plasma beam that’s both rechargeable and butane-free. This sleek lighter is even approved by TSA, so you’ll never be stuck buying lighters you’ll just have to throw away partially used. For some people, like me, this is a pretty big game-changer. The SaberLight’s beam is actually both hotter and cleaner […]

Someone named Lee got the letter, and forwarded the tip to BB/Cory, and then Cory wrote the story… and the first post is from someone who didn’t read, but needed to somehow discredit the people who see ACTA for the hugely bad thing it is and try to pretend it was all outsiders who weren’t actually in a position to have a say in it complaining…

I am the Lee who submit the article. I didn’t email this guy at all, I went to the fightforthefuture page and submit my details there, and they then forwarded that on.
I don’t know why it went to Paul Nuttall, maybe he requested a list of everyone who had petitioned or maybe it’s the way fightforthefuture generally works.
Maybe it was my fault, I can’t recall the sign up procedure now but maybe if I had to select the rep I mis clicked, who knows.

There is one pretty important correction to the article though.

The email wasn’t BCCd or CCd to the 2021 petitioners, the email that Paul Nuttall forwarded contained the list of emails in it’s body.
Indeed it seems very much like this list of emails was used to create an email group, which Paul Nuttall then used.
He just made the very foolish mistake of forwarding an email containing peoples personal information, whilst saying how UKIP will defend UK citizens rights and privacy.

It is possible they were doing wide outreach to show how much UKIP cared, he is, as you stated, the Deputy Leader so would be a “good” spokesman to do such. Capitalizing on the defeat of ACTA seems to be a good way to drum up more supporters… letting everyone know who they were seems like a way to drive more of them away.

Are you sure it was two thousand and twenty-one Lee? Mine had 2621. If we received different lists then that’s even more worrying: there could be multiple versions of that email with an even bigger final tally…

but this is the point the killacta page didn’t break the areas down by region, the killacta people should have directed european people to a european email campaign site which would have directed people to only email their own meps. i emailed to point this out they never replied.

The local realtors and mortgage brokers here sign up for every charity mailing list because they know that some idiot will eventually CC the whole list, which they can then add to their own mailing list. Without, of course, first checking to see if they’re already on there.

It wasn’t, though – the email addresses were plain-text in fightforthefuture’s original email. They say this was to reduce server load, but that doesn’t seem like much of a reason to openly list private email addresses like this.

Kind of tragic, really – I expect this sort of mild incompetence from a UKIP MEP, but I’m surprised a net-savvy bunch like Fight For The Future would make this sort of error. Just makes people more leery of signing up for organisations like this…

The actual text was “NUTTALL Paul would like to recall the message, “Vote NO on ACTA”.” Which I found hilarious because it doesn’t actually recall the message, it just lets everyone know that he’d really like to.

“Paul would like to recall the message”? No shit, so would I in his shoes!

Works with Exchange only (much like “Urgent” tags do), but in his shoes I would be taking every step possible to minimize the distribution. If that means attempting to retract the message from those few who use Exchange at the cost of others getting a pointless follow-up email, so be it.

This is true. However, as a user in an exchange environment, I can tell you that it hardly ever works anyway. Don’t know why, but it seems to just NOT do anything for some inboxes except give a notice that the message wants to be recalled and doesn’t take action.

Holmes here from Fight for the Future. When you write your elected officials, they require an email address to reply to. So any tool that let people write their officials has to give them your email address.

For the US Congress, we send each member of Congress an individual email for every user who signs a letter. They require an email address to count it. And this way, members of Congress can reply to people who write them–which is exciting for people, and it sometimes yields useful information when people post those replies.

For MEPs, a few insiders we trusted suggested we not send individual emails for every signature, but we obviously needed to include the email addresses of signers somehow. So for people who signed a prewritten email we sent the email along with their signatures (emails) below the letter. Enter Paul Nuttall.

He either quoted the original email or copy-pasted the emails into a CC (he didn’t “reply-all” because the signers weren’t recipients of the email). I totally agree with the comments here that the way we did things made it to easy for him to do this.

So, Paul Nuttall. Thanks for taking the time to respond to your constituents. We’ll build a more parliament-proof system the next time around.

To reply to the first comment re: districts, countries have different ways of electing MEPs, and there’s no good common source of data for the EU. In most cases you’d be entering your party affiliation and not your address, anyway. I think the UK is the only or one of just a few countries that does it geographically. At the same time, I asked somebody knowledgable about this and they said on paper at least, each MEP represents everyone in their country (not just voters in a certain party or region, even if they’re voted in that way). Based on that information it made sense to send by country.

Between arbitrarily dividing them up, and sending to all of them, it seemed best to send to all. Especially since we were condensing individual emails into one letter, signed by many (so we weren’t sending them an absurd number of emails).

Could be worse. If you live in the East Midlands, you’re represented by the MEP (LibDem, former Conservative) Bill Newton Dunn. Here’s his take on ACTA, from his most recent newsletter. Features patronising use of the word geek and a belief that everyone who disagrees with ACTA wants everything for free:

ACTA (the Anti Counterfeiting Trade Agreement) MEPs experienced a prolonged deluge of emails from geeks around the world – but less than forty came from the East Midlands – using identical wording arguing that the ACTA treaty should be destroyed because of dangers to their personal freedom.

Western industries, on the other hand, argued strongly that they need protection from counterfeiting and from free downloading from the internet. But they were too logical and they failed to deluge MEPs in a similar way.

The result was an overwhelming defeat for the treaty. I was one of the few who defied the torrent and voted in favour because I believe that if you have to pay for something in a shop you should also pay for it on the internet, but geeks say everything should be free on the internet. The Commissioner says the treaty is not dead and will be brought back.

Afterwards, triumphant geeks emailed from around the world. Two geeks unwisely gave their game away, by warning about their next targets, the EU-Canadian free trade agreement and also “INDECT” which is a research project in the area of intelligent security systems performed by several European universities since 2009 and funded by the EU.

> and then also made it easy for the MEPs to reply to them, individually or as a group.

This functionality exists in the mySociety epetitions system. But it’s difficult to write to people as a group if you’re not pre-categorising what people are writing to their MEPs for.Mostly, it just irks me that there’s free, open source software out there to help with these sorts of things; but getting adoption of them inside government is really difficult…